On Wed, 2004-08-11 at 17:40, James Y Knight wrote:
> On Aug 11, 2004, at 3:49 PM, Heikki Toivonen wrote:
> > I've been working on integrating M2Crypto to Twisted. M2Crypto is a
> > Python wrapper for OpenSSL.
>
> IMO, this patch is messy and should not be accepted.
I agree, for your stated reasons.
> A switch to an alternative SSL implementation is only worthwhile if it
> lets us get *rid* of all the SSL turds all over the generic tcp code.
> SSL should be implementable as just another protocol. I believe that it
> is currently the fault of PyOpenSSL not exposing the right OpenSSL APIs
> for feeding data to it manually that Twisted's SSL is implemented the
> way it is.
In a sense, this is true, but there is also a fault of Twisted's API:
there needs to be a standard, robust, well-documented way to plug a new
transport type into the reactor. (With one caveat: the current TLS
hacks are totally insane and are likely to remain that way; there's not
much to be done about that.)
So, PyOpenSSL should plug into the reactor as a transport, but all other
(saner) Python SSL implementations ought to plug in as a protocol.
--
_ \ Glyph Lefkowitz |"Strange is the night where black stars rise,
/ \ \ glyph at divmod.com | And strange moons circle through the skies,
` _o_ \-----------------+ But stranger still is, Lost Carcosa"
( ._\ \ - Cassilda's Song, "The King in Yellow", Act 1, Scene 2
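
An added sketch of the "SSL as just another protocol" idea from this thread, not code from any of the posters, Twisted, PyOpenSSL or M2Crypto: it uses the standard-library `ssl` module's `MemoryBIO` (Python 3.5+) so that ciphertext is fed in and drained out by hand and no socket is involved. The class name, method names and the `write` callback are assumptions made for illustration.

```python
import ssl


class MemoryTLSClient:
    """Client-side TLS as a sans-I/O protocol: bytes in, bytes out, no socket."""

    def __init__(self, server_hostname, write):
        self._incoming = ssl.MemoryBIO()  # ciphertext received from the peer
        self._outgoing = ssl.MemoryBIO()  # ciphertext waiting to be sent
        context = ssl.create_default_context()  # verifies certificate and hostname
        self._tls = context.wrap_bio(
            self._incoming, self._outgoing, server_hostname=server_hostname
        )
        self._write = write  # hypothetical transport callback taking bytes
        self.handshake_done = False

    def _flush(self):
        pending = self._outgoing.read()
        if pending:
            self._write(pending)

    def _advance_handshake(self):
        try:
            self._tls.do_handshake()
            self.handshake_done = True
        except ssl.SSLWantReadError:
            pass  # needs more bytes from the peer before it can continue
        finally:
            self._flush()

    def connection_made(self):
        self._advance_handshake()  # emits the ClientHello

    def data_received(self, ciphertext):
        """Feed raw bytes from the transport; return any decrypted plaintext."""
        self._incoming.write(ciphertext)
        if not self.handshake_done:
            self._advance_handshake()
            if not self.handshake_done:
                return b""
        plaintext = []
        try:
            while True:
                chunk = self._tls.read(16384)
                if not chunk:
                    break  # peer sent close_notify
                plaintext.append(chunk)
        except ssl.SSLWantReadError:
            pass  # decrypted buffer drained
        self._flush()
        return b"".join(plaintext)
```

Because the TLS engine only sees the two memory buffers, the same object can sit on top of any byte transport, which is the separation the thread asks for.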